This Privacy Policy is designed to provide you with information regarding:

We only process your personal data if one of the conditions set out in Article 6 of the General Data Protection Regulation (GDPR) is fulfilled, including but not limited to:

We are responsible for the security of the personal data of our customers, potential customers and others who contact us, so we strive to protect the confidentiality of your information. The Administration undertakes to take all necessary measures to prevent misuse of your personal data, which becomes known to us. We will process your personal data in strict accordance with the requirements of applicable law and only if there are legitimate grounds for such processing.

You are not required to provide us with personal data, but without certain information about you, we will not be able to provide you with some of our services. In the event that we control the ways in which we collect your personal data and determine the purpose of using this personal data, the Administration is the “controller of personal data” in accordance with the GDPR and other European data protection laws, as well as the “owner of the personal data” according to applicable law.

1. Timeframes

Personal data- Information or set of information about an individual who is or can be specifically identified (User);

Special categories of personal dataPersonal data, known as “sensitive”, which may harm the data subject at work, in an educational institution, at the place of residence, or may lead to discrimination in society. For example, it is personal data that includes information about racial origin, political or religious beliefs, union membership, health status, sex life, biometric or genetic data. In the terminology of Ukrainian legislation, it is personal data, the processing of which carries a special risk for the subjects of personal data;

Subject of personal data- this is an individual to whom the personal data relates and who can be identified by this personal data or who is already identified;

Administration of the site (Administration, as well as further in the text we, us, us, us)- Limited Liability Company “VERNA”, legal address: 61000, Ukraine, city. Kharkov, pr. Gagarina, 20-А, date of registration: 28.08.1997, entry number: 14801200000038638;

Processing of personal data- any action or set of actions, such as collection, registration, accumulation, storage, adaptation, modification, restoration, use and dissemination (distribution, sale, transfer), anonymization, destruction of personal data, including through information (automated) systems;

Dissemination of personal data- actions on the transfer of information about an individual with the consent of the subject of personal data;

Use of personal data- any actions of the Administration to process these data, actions to protect them, as well as actions to grant partial or full rights to process personal data to other subjects of relations related to personal data, carried out with the consent of the personal data subjects or in accordance with the legislation of Ukraine;

Anonymization of personal data- the removal of information that allows directly or indirectly to identify a person;
‍
User- personal data subject, any capable natural person who has joined this Policy in their own interests for advice or additional information about our decisions, who has contacted us and left their data on our websitehttps://www.verna.uausing the Internet;

Internet site- a website owned by the Administration and located at https://www.verna.ua

Register or fill out the feedback form- actions of the User in filling out and sending the registration form or feedback form posted on our websitehttps://www.verna.ua

Politics- this Privacy Policy is located at https://www.verna.ua/privacy-policy;

Controller of personal data- is a natural or legal person who determines the purposes and means of processing personal data and bears primary responsibility for their processing. The controller of personal data is the “owner of personal data” in the terminology of Ukrainian legislation. Within the framework of this Policy, the Controller of personal data is the limited liability company “VERNA”;

Personal data processor- this is a natural or legal person who, on the basis of instructions (instructions, orders) of the controller, processes personal data for the controller. The processor of personal data is the “controller of personal data” in the terminology of Ukrainian legislation.

2. General provisions
‍
2.1. The policy applies to all of your personal data that may be obtained by us in the course of your use of our website. This Policy applies to personal data obtained both before and after the entry into force of this Policy.
2.2. The purpose of the Policy is to provide you with the necessary information that will allow you to assess what personal data and for what purposes we process, how we process it and ensure security.
2.3. When using our website, you, by providing the Administration with your personal data, including through third parties, acknowledge your consent to the processing of your personal data in accordance with this Policy.
2.4. In case of disagreement with the terms of this Policy, you must stop using our website.
2.5. Consent to the processing of personal data may be withdrawn by the subject of personal data. In case of withdrawal of consent to the processing of personal data by the subject of personal data, the Administration has the right to continue the processing of personal data without the consent of the personal data subject if there are grounds specified in the Legislation.
2.6. The administration of the site does not check the accuracy of the personal data provided by the User, does not have the opportunity to assess its validity. However, the Administration assumes that the User acts in good faith, prudently, provides reliable and sufficient personal data and makes all necessary efforts to maintain such data up to date, and does not violate the rights of third parties.
2.7. By agreeing to the terms of this Policy, you confirm that at the time of personal data collection, you are informed about the persons to whom the personal data is transferred, the content and purposes of the personal data collection. You confirm (warrant) that the personal data transferred to us for processing is transferred with the consent of the owners of the personal data and within the framework of the Law.
2.8. The Administration, having received personal data from the User, does not assume obligations to inform the subjects (their representatives), whose personal data are transferred to it, about the beginning of the processing of personal data, since the obligation to carry out the relevant information, when concluding a contract with the subject of personal data and/or obtaining consent to such transfer, is User who transferred personal data.
2.9. The processing of your personal data is carried out in accordance with the requirements of the Law. The processing of personal data of persons residing in the EU or who are EU citizens is regulated, in particular, by the EU General Data Protection Regulation 2016/679 (hereinafter referred to as “GDPR”). Also, the legislation of other countries may establish additional requirements.
2:10 a.m. This Policy applies to all information that the Administration may obtain about the User when using our Internet site, as well as during the execution of any agreements and agreements with the User.
2:11 a.m. This Policy is an internal document of the Administration.
2:12 a.m. The controller is exempt from liability for the consequences associated with the processing of personal data if he is not responsible for the event that led to such consequences. You also agree that the Owner of Personal Data has the right to provide access to and transfer your personal data to third parties without any further notice, only in cases where this does not change the purpose of their processing and only in cases provided for in this Privacy Policy and/or the legislation of Ukraine.
No one under the age of 18 should provide us with personal information through the feedback forms of our website. We do not purposefully collect personal information from individuals under the age of 18. Parents and guardians should constantly monitor the related activities of their children.
‍
3. Composition of personal data

3.1. The Administration, in order to carry out its activities and fulfill its obligations, processes the User's personal data provided by him when registering on the site https://www.verna.ua.
3.2. Personal data of the User include: last name, first name, patronymic, e-mail address, mobile/landline phone number and any other information that the User wishes to provide about himself. We ask you to provide only the personal data that is necessary to provide you with advice or information about our decision, to receive a newsletter or to respond to your specific request/claim. If you choose to provide us with additional personal data, we will also be able to process it with the necessary level of protection.
3.3. The administration has the right to establish requirements for the composition of personal data, which must be provided when used. If certain information is not marked by the Administration as mandatory, it is provided by the User at his own request.
3.4. Data automatically transmitted to the Administration by the User using the software installed on the device: IP address, information about the browser and the type of operating system of the device, technical characteristics of the equipment and software, date and time of access to the Internet site.

4. Basis and purpose of personal data processing 

4.1. The bases for the processing of personal data are:
1) consent of the personal data subject to the processing of his personal data by the Administration;
2) the conclusion and execution of a contract, one of the parties of which is the subject of personal data, or which is concluded in favor of the personal data subject, or for the implementation of measures preceding the conclusion of the contract at the request of the personal data subject;
3) the need for the Administration to comply with the requirements stipulated by the Law.
4.2. The purpose of processing personal data is:

5. Basic principles of personal data processing

5.1. Processing of personal data by the Administration is carried out on the basis of the principles:
5.1.1. Legality of the purposes and methods of processing personal data;
5.1.2. The good faith of the Administration, as the owner of personal data, is achieved by fulfilling the requirements of the legislation of Ukraine regarding the processing of personal data;
5.1.3. Achieving specific, predetermined purposes for the processing of personal data;
5.1.4. Compliance of the purposes of processing personal data with the purposes defined and stated in the collection of personal data;
5.1.5. Compliance of the list and volume of processed personal data, as well as the methods of processing personal data with the stated purposes of processing;
5.1.6. Accuracy of personal data, their adequacy for the purposes of processing, inadmissibility of processing personal data, unnecessary for the purposes of processing personal data;
5.1.7. Ensuring in the processing of personal data the accuracy of personal data, their adequacy and, where necessary, relevance in relation to the purposes of personal data processing.
5.1.8. Inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
5.1.9. Storage of personal data in a form that allows you to identify the subject of personal data for no longer than required by the purposes of their processing.
5/1/10. The processed personal data are subject to destruction or dispossession when achieving the purposes of processing or in case of loss of the need to achieve these purposes, unless otherwise provided for by the legislation of Ukraine and the GDPR.
5.1.11. We must also take into account the periods during which we may need to retain your personal data in order to fulfil our legal obligations to you or to regulatory authorities.
5.1.12. Over time, we may minimize the personal data we use, or we may even anonymize your data so that it can no longer be associated with you personally. In this case, we may use this information for statistical or other purposes without further notice to you, as such information ceases to be personal data.
5.2. The processing of personal data is carried out by the Administration for statistical or other research purposes, subject to mandatory dispossession of personal data.
5.3. The Administration does not process personal data relating to racial or ethnic affiliation, political, religious or worldview beliefs, membership in political parties and professional associations, criminal convictions, as well as data relating to health, sexual life, biometric and genetic data.
5.4. The processing of personal data is carried out in compliance with the conditions defined by the legislation of Ukraine and the GDPR.
‍
6. Terms of processing of personal data

6.1. The terms of processing of personal data are determined taking into account the purposes of processing, but not longer than provided for by law.
6.2. Personal data, the period of processing (storage) of which has expired, must be destroyed or dispossessed, unless otherwise provided by law. The storage of personal data is carried out in a form that allows to identify the subject of personal data, for no longer than the purposes of personal data processing require, unless the term of storage of personal data is established by law. The personal data processed are subject to destruction or dispossession when achieving the purposes of processing or in case of loss of the need to achieve these purposes, unless otherwise provided by law. We must also take into account the periods during which we may need to retain your personal data in order to fulfil our legal obligations to you or regulatory authorities (in accordance with EU Regulation 261/2004).
6.3. Over time, we may minimize the use of your personal data or may even make your data anonymous so that it can no longer be associated with you personally. In this case, we may use this information without further notice to you.
‍
7. The range of persons who have access to the processing of personal data by the Administration.

7.1. To achieve the purposes of this Policy regarding the processing of personal data, only those employees of the Administration who are assigned such duties in accordance with their official duties have access. Access by other employees may be granted only in cases provided for by Law. The Administration ensures that its employees observe confidentiality and ensure the security of personal data when processing them.
7.2. The Administration has the right to transfer personal data to third parties in the following cases:
- the subject of personal data has expressed his consent in writing to such actions;
- the transfer is provided for by Ukrainian or other relevant legislation within the framework of the procedure established by the legislation. At the same time, access to personal data is not granted to a third party if the specified person refuses to undertake obligations to ensure compliance with the requirements of the Law or cannot provide them.
7.3. The Administration may guarantee the processing of personal data to a third party with the consent of the personal data subject, unless otherwise provided for by the legislation of Ukraine, on the basis of a contract concluded with a third party, the condition of which is confidentiality and non-disclosure of personal data.
7.4. Representatives of state authorities (in particular, controlling, supervisory, law enforcement and other bodies) have access to personal data processed by the Administration, in the scope and manner specified by the Legislation.

8. Implementation of personal data protection

8.1. The activities of the Administration regarding the processing of personal data in information systems are inextricably linked with the protection of the confidentiality of the information received, unless it contradicts the current legislation.
8.2. The system of personal data protection includes organizational and (or) technical measures, determined taking into account current threats to the security of personal data and information technologies used in information systems. The administration is updating these measures with the emergence of new technologies as necessary.
8.3. The exchange of personal data during their processing in the information systems of the Administration is carried out through communication channels protected by technical means of information protection.
8.4. When processing personal data in information systems, the Administration provides:

8.5. Confidentiality is maintained with respect to personal information.
8.6. The Administration implements the following requirements of the legislation of Ukraine in the field of personal data:

8.8. Cookies and other tracking technologies. Cookies are small text files that websites store on a computer or mobile device when they are used. In this way, the site remembers your preferences and the actions you take for a while, in particular, so that you do not have to re-enter this data. Our cookies by themselves do not identify an individual user, but only identify the computer or mobile device you are using.
Cookies and other tracking technologies on our website may be used in various ways, such as ensuring the functioning of the Internet site, analyzing traffic or for advertising purposes. We use cookies and other tracking technologies, in particular, to improve the quality and efficiency of our services.
Further information on what cookies are, how they work, how to manage them or how to delete them can be found at www.allaboutcookies.org.
Please note that in the settings of some Internet browsers you can configure the prohibition of cookies and other tracking technologies. At the same time, it is important to understand that if some cookies are disabled, it is possible to limit the functionality of the Internet site, as well as the incorrect operation of some pages.
‍
9. Rights of the subject of personal data

9.1. Rights of personal data subjects in accordance with the legislation of Ukraine:
9.1.1. Know about the sources of collection, the location of their personal data, the purposes of their processing, the location of the personal data controller or issue an appropriate order to obtain this information to authorized persons, except as established by Law.
9.1.2. Obtain information about the conditions for providing access to personal data, including information about third parties to whom his personal data is transferred.
9.1.3. Have access to your personal data.
9.1.4. Receive no later than thirty calendar days from the date of receipt of the request, except as provided for by the Law, an answer as to whether his personal data is processed and which ones.
9.1.5. Make a reasonable request to the Administration to object to the processing of his personal data.
9.1.6. Make a reasonable request to change or destroy your personal data if the data is processed unlawfully or is inaccurate.
9.1.7. Protect your personal data from unlawful processing and accidental loss, destruction, damage due to intentional concealment, non-provision or untimely provision, as well as from the provision of information that is inaccurate or discredits the honor, dignity and business reputation of an individual.
9.1.8. Complain about the processing of your personal data to the Administration, to the Commissioner of the Verkhovna Rada of Ukraine on human rights or to the court.
9.1.9. Apply remedies in case of violation of the legislation on the protection of personal data.
9/1/10. Make reservations about limiting the right to process your personal data when providing consent.
9/1/11. Withdraw consent to the processing of personal data.
9.1.12. Familiarize yourself with the mechanism of automated processing of personal data.
9/1/13. Protect yourself from an automated decision that has legal consequences for it.
9/1/14. The Administration has the right to transfer the processing of personal data to a third party with the consent of the personal data subject, unless otherwise provided for by the legislation of Ukraine, on the basis of a contract concluded with a third party, the condition of which is confidentiality and non-disclosure of personal data.
9:1.15 a.m. Representatives of state authorities (including supervisory, supervisory, law enforcement and other bodies) have access to personal data processed in the Administration in the scope and procedure defined by the legislation of Ukraine.
9.2. Other rights of personal data subjects according to GDPR:
9.2.1. Right to information. We are willing to provide data subjects with information about which of their personal data we process.
9.2.2. You have the right to correct your data. If you find that some of the personal data we process about you is incorrect or outdated, please let us know.
9.2.3. Withdrawal of consent to the processing of personal data and the right to be forgotten.
If the Administration processes your personal data on the basis of consent to the processing of personal data (in particular, for the purpose of marketing/advertising mailings), further processing can be completed at any time. It is enough to withdraw consent to such processing.
You can also exercise your right to be forgotten. In the cases provided for by Art. 17 GDPR, the Administration will destroy your personal data that it processes, with the exception of personal data, which we will be obliged to store in accordance with the requirements of the law.
Also in this case, in order to ensure security, the Administration may ask you to provide a document confirming your identity, including a personal visit to the address of the Administration.

10. Change of privacy policy

10.1. This Policy may be amended or terminated by the Administration unilaterally without prior notice to Users, in particular if required by applicable law. The new version of the Policy shall enter into force from the moment of its posting on the website, unless the new version of the Policy provides otherwise. Therefore, we ask you to visit the Internet site at https://www.verna.uato make sure you have up-to-date information.

11. Who you can contact to protect your personal data

11.1. If you have any questions, comments, complaints or wishes regarding the protection and processing of personal data, you can contact the Director of VERNA LLC Vadim Storozhev, e-mail address: partner@verna.ua, postal address: 61000, m. Kharkiv, Gagarina Ave., 20A. Be sure to include in all correspondence your name, surname, email address, as well as detailed questions, comments, complaints or claims.
11.2. The administrative body for the protection of personal data in Ukraine is the Department for the Protection of Personal Data of the Secretariat of the Verkhovna Rada of Ukraine Commissioner for Human Rights. You can contact him with complaints or suggestions if you believe that your rights in connection with the processing of personal data have been violated.